Ed Warner wrote:
Message: 9
Date: Sat, 19 Jul 2008 19:50:26 +0200
From: Gijs <info@boer-software-en-webservices.nl>
Subject: Re: bind update keeps messing up write-rights
To: For users of Fedora <fedora-list@redhat.com>
Message-ID:
<48822962.5080202@boer-software-en-webservices.nl>
Content-Type: text/plain; charset="iso-8859-1"
Ed Warner wrote:
Message: 7
Date: Sat, 19 Jul 2008 06:26:53 -0400
From: "Christopher K. Johnson"
<ckjohnson@gwi.net>
Subject: Re: bind update keeps messing up write-rights
To: For users of Fedora <fedora-list@redhat.com>
Message-ID: <4881C16D.7010606@gwi.net>
Content-Type: text/plain; charset=ISO-8859-1;
format=flowed
Gijs wrote:
Sam Varshavchik wrote:
Gijs writes:
Hey List,
Not sure why this is happening so perhaps
someone can explain this
to me.
Whenever I update bind it messes up/resets
access rights on my
zone
files. Now normally this wouldn't be a
bad thing, but because
I have
dynamic updates on, for which named
creates journalizing files, I
end up having non-writeable journalizing
files. So after every
update I end up having to manually change
the access rights on my
jnl files.
Is anyone else having the same problem
and/or is it supposed to be
like this?
You must have bind configured to run in
chroot.
rpm's %post script runs
/usr/sbin/bind-chroot-admin where, if you
have chroot configured, it runs this lovely
bit of code:
chown -h root:named /var/named/*
/dev/null 2>&1;
chown -h root:named
${BIND_CHROOT_PREFIX}/var/named/* >/dev/null
2>&1;
chown -h root:named /etc/{named,rndc}.*
/dev/null 2>&1;
chown -h root:named
${BIND_CHROOT_PREFIX}/etc/{named,rndc}.*
/dev/null 2>&1;
chown -h named:named /var/log/named.log
/dev/null 2>&1;
chown -h named:named
${BIND_CHROOT_PREFIX}/var/log/named.log
/dev/null 2>&1;
chmod 750 ${pfx}/var/named >/dev/null
2>&1;
chmod 640 ${pfx}/var/named/* >/dev/null
2>&1;
chmod 750 ${pfx}/var/named/*/.
/dev/null 2>&1;
chmod 660 ${pfx}/var/log/named.log
/dev/null 2>&1;
chown -h named:named
/var/named/{data{,/*},slaves{,/*},dynamic{,/*}}
/dev/null
2>&1;
chown -h named:named
${BIND_CHROOT_PREFIX}/var/named/{data{,/*},slaves{,/*},dynamic{,/*}}
/dev/null 2>&1;
chmod 770
${pfx}/var/named/{data,slaves,dynamic} >/dev/null
2>&1;
chmod 660
${pfx}/var/named/{data/*,slaves/*,dynamic/*}
/dev/null
2>&1;
chmod 770
${pfx}/var/named/{data/*/.,slaves/*/.,dynamic/*/.}
/dev/null 2>&1;
Lovely.
Heh, that's indeed lovely. And yea, I've
got named configured to
run
in chroot as it is the default nowadays (at least
on Fedora).
You should note that the 'dynamic'
subfolder contents are set to mode
660.
Move your updateable zone files there and update
the referenced paths in
named.conf accordingly.
Chris
Could you clarify your statement for me please?
1. Othe than my zone files, what else goes into
/var/named/chroot/var/named/dynamic ?
2. My named.conf resides in /var/named/chroot/etc, so
I need to make changes to point to the path -->
/var/named/chroot/var/named/dynamic ?
Thanks
I cannot really clarify point 1, but I can somewhat clarify
point 2.
In my named.conf I now have the following:
zone "0.168.192.in-addr.arpa" IN {
type master;
file "dynamic/named.0.168.192";
allow-update { key rndc; };
};
zone "home" IN {
type master;
file "dynamic/home.zone";
allow-update { key rndc; };
};
This allows named to find the zone files inside the dynamic
folder.
Also, /var/named/chroot/etc/named.conf has a hardlink to
/etc/named.conf
so that might be somewhat easier to type next time you want
to edit that
file
. And because named is running inside a chroot, you
cannot set
the path to "/var/named/chroot/var/named/dynamic"
inside the named.conf.
For named, the chroot basically means that everything is
running from
the /var/named/chroot directory. In other words, if you
refer to
/var/named/dynamic inside your named.conf, it actually
refers to
/var/named/chroot/var/named/dynamic.
Hope this makes sense
It made sense thanks. I changed my named.conf file and relocated my zone files and it seems to work except for a message I get when I restart named.
It says my working directory is not writable. My directory in named.conf is "/var/named" Is this the directory the warning is coming from? What should the permissions be?
Thanks
If you have zone files that need to be changed dynamically (which I
assume you have, since named wants to write something), you need to put
them into /var/named/chroot/var/named/dynamic. And as in my former
reply, change the "file" option of your zone file to
"dynamic/name_of_your_zonefile.zone". After you restart named, it
shouldn't be warning you about a directory not being writeable, since
the dynamic directory is writeable specifically for the purpose of
dynamic zone files.
The permissions I have on my directories should be the same as on your
system, but here they are:
[root@poseidon var]# ls -ld named/
drwxrwx--- 5 root named 4096 2008-07-19 13:20 named/
[root@poseidon var]# ls -l named/ | grep "^d"
drwxrwx--- 2 named named 4096 2004-08-25 22:51 data
drwxrwx--- 2 named named 4096 2008-07-19 13:20 dynamic
drwxrwx--- 2 named named 4096 2004-07-27 16:57 slaves
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
bind update keeps messing up write-rights
)
